The Apache server power commander part 1
By Dirk Brockhausen
You may have encountered the name "mod_rewrite" before when surfing the web. For all of our readers who are not intimately familiar with this nifty Apache Web Server module - and, of course, for those who don't know it all - we are presenting this small introductory tutorial as a multipart serial.
Module mod_rewrite is a package of program routines which can be added to the Apache Web Server. (Note that it will not run under other web servers!)
Its primary function is the manipulation of URLs. The module is very versatile, as we are going to illustrate here with a number of real world examples.
However, be very careful and meticulous when working with it! Some mistakes you might be liable to make could generate a logical loop, causing a never-ceasing 100% CPU load.
To steer clear of this, we will start off with some very simple examples.
Before we can get going, however, you will have to check whether the module is installed on your web server at all.
There are several ways to go about this:
1. Ask your system administrator - provided he or she knows. They really should, but unfortunately some plainly do not ...
Take care, though: if you are sharing your host server with hundreds of other domains, your inquiry might rouse some sleeping dogs, as usage of mod_rewrite will always entail some increased CPU load.
2. Check your Apache configuration file if you can access it. One possible standard path might be: /etc/httpd/httpd.conf. However, your mileage may obviously vary.
3. Check it out with one of the following examples. If it works fine, mod_rewrite is indeed installed on your system. If it isn't, you will get the following message when calling any web page of your choice: "Internal Server Error"
Also, you will see this entry in file "error.log": "Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration."
If your site generates heavy traffic, this method is not recommended, as every visitor will receive this very same error message during your test.
So now let's dig into our first practical example!
We will assume that you will be using mod_rewrite only for your own web site, i.e. not as a generalized cross server setup.
To effect this, some entries in file .htaccess are required.
The .htaccess File
For this technique to work, you will need to upload a file named ".htaccess" (please note the period/dot at the beginning of the file name!) to your server directory. This can be done via telnet or ftp. (Warning! .htaccess should only be uploaded in "ASCII mode", i.e. not in binary mode!)
If you already have a ".htaccess" file, for example one with the following entries:
Options Includes +ExecCGI
AddType text/x-server-parsed-html .html
simply add our code sample to it.
IMPORTANT!
ADJUSTMENTS IN FILE ".htaccess": please edit the file in an ASCII or plain text editor such as Notepad.
The first two entries will start the module:
RewriteEngine on
Options +FollowSymlinks
Tip: Entry "RewriteEngine off" will override all subsequent commands. This is a very useful feature: instead of having to comment out all subsequent lines, all you need to do is set an "off".
If your system administrator does not allow for implementation of "Options +FollowSymlinks", you will not be able to restrict usage of mod_rewrite to your directories but will instead have to apply it server wide.
The next required entry is this:
RewriteBase /
"/" stands for the base URL. Should you have another one, you will want to include it. However, "/" is normally the entry for "http://www.YourDomain.com".
And now to the entries proper!
Let us assume that you want to block unauthorized access to your file .htaccess. On some servers you can easily read this file simply by entering a URL of the following format in your browser's address field: http://www.domain.com/.htaccess - a serious security gap, as your .htaccess file's contents may reveal more about your site's setup to the educated eye than you may want others to know.
To block this access, enter the following:
RewriteRule ^\.htaccess$ - [F]
This rule translates to:
If someone tries to access the file .htaccess, the server shall answer with HTTP response code 403.
The file name ^\.htaccess$ is contained in a regular expression, to wit:
^ Start of line anchor
$ End of line anchor
\. In regular expressions the dot "." denotes a meta character and must be protected by a backslash (\) if you want an actual dot (period) instead.
The file name must be located exactly between start and end of line anchor. This will ensure that only this specific file name and no other will generate the error code.
[F] : special flag "forbidden".
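The following Python sketch is an added illustration, not part of the original tutorial. It models how a RewriteRule in the root .htaccess sees a request path (in per-directory context the directory prefix, including the leading slash, is stripped before matching) and compares the rule as written with two weakened variants; the helper names and request paths are constructed for the example.

```python
import re

def per_dir_subject(url_path, htaccess_dir="/"):
    """Return the string a RewriteRule in <htaccess_dir>.htaccess is matched against.

    In per-directory context mod_rewrite strips the directory prefix
    (including the leading slash) before applying the pattern.
    """
    if not url_path.startswith(htaccess_dir):
        return None  # request lies outside this directory
    return url_path[len(htaccess_dir):]

def is_forbidden(pattern, url_path):
    """True if 'RewriteRule <pattern> - [F]' in the root .htaccess would answer 403."""
    subject = per_dir_subject(url_path)
    # mod_rewrite performs an unanchored regex search, hence re.search
    return subject is not None and re.search(pattern, subject) is not None

PATTERNS = {
    "as written":    r"^\.htaccess$",   # the tutorial's rule
    "dot unescaped": r"^.htaccess$",    # "." now matches any character
    "no anchors":    r"\.htaccess",     # matches anywhere in the path
}

# Constructed request paths
PATHS = ["/.htaccess", "/xhtaccess", "/notes.htaccess.txt",
         "/sub/.htaccess", "/index.html"]

def coverage():
    """Map each pattern variant to the sample paths it would forbid."""
    return {name: [p for p in PATHS if is_forbidden(rx, p)]
            for name, rx in PATTERNS.items()}

if __name__ == "__main__":
    for name, blocked in coverage().items():
        print(f"{name:14} -> {blocked}")
```

In this model the anchored rule covers only the .htaccess in the directory where the rule lives: /sub/.htaccess is seen as sub/.htaccess and is not matched.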
In this example, the complete ".htaccess" file will now consist of these lines:
RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]
If we add our code to a pre-existing ".htaccess" file, we might, for example, get the following entries:
Options Includes +ExecCGI
AddType text/x-server-parsed-html .html
RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]
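To check whether the rule is doing its job, the access log can be searched for .htaccess requests that were answered with a 2xx status instead of 403. The Python below is an added example, not code from the original tutorial; it assumes the log is in Common Log Format, and the log lines are constructed.

```python
import re
from posixpath import basename
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges)
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET /.htaccess HTTP/1.1" 200 143
198.51.100.7 - - [10/Oct/2023:14:02:17 +0000] "GET /.htaccess HTTP/1.1" 403 199
198.51.100.7 - - [10/Oct/2023:14:02:19 +0000] "GET /shop/%2Ehtaccess?x=1 HTTP/1.1" 200 88
203.0.113.5 - - [10/Oct/2023:14:05:00 +0000] "GET /docs/htaccess.html HTTP/1.1" 200 900
"""

def audit(log_text):
    """Split .htaccess requests into those served (2xx) and those refused."""
    served, refused = [], []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        host, when, _method, target, status = m.groups()
        # Drop the query string and decode percent-escapes such as %2E
        path = unquote(urlsplit(target).path)
        if basename(path) != ".htaccess":
            continue
        entry = (when, host, path, int(status))
        (served if status.startswith("2") else refused).append(entry)
    return served, refused

if __name__ == "__main__":
    served, refused = audit(SAMPLE_LOG)
    for when, host, path, status in served:
        print(f"EXPOSED {path} -> {status} to {host} at {when}")
    print(f"{len(refused)} request(s) correctly refused")
```

Any entry in the "served" list means the file's contents were delivered to a client and the rule (or its placement) should be reviewed.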
This introduction covers the basics required to operate with mod_rewrite.
In the second part of this tutorial we will explain the use of conditions in configuring the module.
For general documentation, see:
Module mod_rewrite URL Rewriting Engine: http://www.apache.org/docs/mod/mod_rewrite.html
A Users Guide to URL Rewriting with the Apache Webserver: http://www.engelschall.com/pw/apache/rewriteguide/